This topic describes the procedure for restoring your critical backend Pivotal Cloud Foundry (PCF) components with BOSH Backup and Restore (BBR), a command-line tool for backing up and restoring BOSH deployments. To perform the procedures in this topic, you must have backed up PCF by following the steps in the Backing Up Pivotal Cloud Foundry with BBR topic.

The procedures described in this topic prepare your environment for PCF, deploy Ops Manager, import your installation settings, and use BBR to restore your PCF components.

WARNING: Restoring PCF with BBR is a destructive operation. If the restore fails, the new environment may be left in an unusable state and require reprovisioning. Only perform the procedures in this topic for the purpose of disaster recovery, such as recreating PCF after a storage-area network (SAN) corruption.

WARNING: When validating your backup, the VMs and disks from the backed-up BOSH Director should not be visible to the new BOSH Director. As a result, Pivotal recommends that you deploy the new BOSH Director to a different IaaS network and account than the VMs and disks of the backed up BOSH Director.

WARNING: For PCF v2.0, BBR only supports backup and restore of environments with zero or one CredHub instances.

Note: If the BOSH Director you are restoring had any deployments that were deployed manually rather than through an Ops Manager tile, you must restore them manually at the end of the process. For more information, see (Optional) Step 16: Restore Non-Tile Deployments.

Compatibility of Restore

This section describes the restrictions for a backup artifact to be restorable to another environment.
This section is for guidance only, and Pivotal highly recommends that operators validate their backups by using the backup artifacts in a restore.

Consult the following restrictions for a backup artifact to be restorable:

CIDR ranges: BBR requires the IP address ranges to be the same in the restore environment as in the backup environment.

Topology: BBR requires the BOSH topology of a deployment to be the same in the restore environment as it was in the backup environment.

Naming of instance groups and jobs: For any deployment that implements the backup and restore scripts, the instance groups and jobs must have the same names.

Number of instance groups and jobs: For instance groups and jobs that have backup and restore scripts, there must be the same number of instances.

Limited validation: BBR puts the backed up data into the corresponding instance groups and jobs in the restored environment,
but can’t validate the restore beyond that.
For example, if the MySQL encryption key is different in the restore environment,
the BBR restore might succeed although the restored MySQL database is unusable.

PCF version: BBR can restore to the same version of PCF that was backed up. BBR does not support restoring to other major, minor, or patch releases.

Note: A change in VM size or underlying hardware will not affect BBR’s ability to restore data, as long as there is adequate storage space to restore the data.

Restore Workflow

Click the diagram below to see the full-size image.

The diagram above shows the flow of the PCF restore process in a series of steps performed by the PCF operator. The following steps will be covered in more detail throughout this topic.

Remove bosh-state.json: SSH into your Ops Manager VM and delete the bosh-state.json file. See the Remove BOSH State File step below for more information.

Apply Changes (Director only): Use the Ops Manager API to only deploy the BOSH Director. See the Deploy the BOSH Director step below for more information.

bbr restore <director>: Run the BBR restore command from your jumpbox to restore the BOSH Director. See the Restore the BOSH Director step below for more information.

Use BOSH cck to fix the stale cloud ID references in the BOSH database: For each deployment in the BOSH Director, you will need to run a bosh cloud-check command. See the Remove Stale Cloud IDs for All Deployments step for more information.

bbr restore PAS: Run the BBR restore command from your jumpbox to restore PAS. See the Restore PAS step below for more information.

Prepare to Restore

This section provides the steps you need to perform before restoring your PCF backup with BBR.

Step 1: (Optional) Prepare Your Environment

In an event of a disaster, you may lose not only your VMs and disks, but your IaaS resources as well, such as networks and load balancers.

If you need to recreate your IaaS resources, prepare your environment for PCF by following the instructions specific to your IaaS in Installing Pivotal Cloud Foundry.

Note: The instructions for installing PCF on Amazon Web Services (AWS) and OpenStack combine the procedures for preparing your environment and deploying Ops Manager into a single topic. The instructions for the other supported IaaSes split these procedures into two separate topics.

Enter the Decryption Passphrase in use when you exported the installation settings from Ops Manager.

Click Choose File and browse to the installation zip file that you exported in the Step 9: Export Installation Settings section of the Backing Up Pivotal Cloud Foundry with BBR topic.

Click Import.

Note: Some browsers do not provide feedback on the status of the import process, and may appear to hang. The import process takes at least 10 minutes, and takes longer the more tiles that were present on the backed-up Ops Manager.

OPS-MAN-FQDN is the fully-qualified domain name (FQDN) for your Ops Manager deployment.

UAA-ACCESS-TOKEN is the UAA access token. For more information about how to retrieve this token, see Using the Ops Manager API.

DECRYPTION-PASSPHRASE is the decryption passphrase in use when you exported the installation settings from Ops Manager.

WARNING: Do not click Apply Changes in Ops Manager until the instruction in Step 14: Redeploy PAS.

Step 3: (Optional) Configure Ops Manager for New Resources

If you recreated IaaS resources such as networks and load balancers by following the steps in the Step 1: (Optional) Prepare Your Environment section above, perform the following steps to update Ops Manager with your new resources:

Note: In advanced mode Ops Manager will allow you to make changes that are normally disabled. You may see warning messages when you save changes.

Navigate to the Ops Manager Installation Dashboard and click the BOSH Director tile.

If you are using Google Cloud Platform (GCP), click Google Config and update:

Project ID to reflect the GCP project ID.

Default Deployment Tag to reflect the environment name.

AuthJSON to reflect the service account.

Click Create Networks and update the network names to reflect the network names for the new environment.

If your BOSH Director had an external hostname, you must change it in Director Config > Director Hostname to ensure it does not conflict with the hostname of the backed up Director.

Return to the Ops Manager Installation Dashboard and click the Pivotal Application Service (PAS) tile.

Click Resource Config. If necessary for your IaaS, enter the name of your new load balancers in the Load Balancers column.

If necessary, click Networking and update the load balancer SSL certificate and private key under Certificates and Private Keys for HAProxy and Router.

If your environment has a new DNS address, update the old environment DNS entries to point to the new load balancer addresses. For more information, see the Step 4: Configure Networking section of the Using Your Own Load Balancer topic and follow the link to the instructions for your IaaS.

If your PAS uses an external blobstore, ensure that the PAS tile is configured to use a different blobstore, otherwise it will attempt to connect to the blobstore that the backed up PAS is using.

Ensure your System Domain and Apps Domain under PAS Domains are updated to refer to the new environment’s domains.

Step 5: Deploy the BOSH Director

Step 6: Transfer Artifacts to Jumpbox

In the Step 9: Back Up Your PAS Deployment section of the Backing Up Pivotal Cloud Foundry with BBR topic, in the After Taking the Backups section you moved the TAR and metadata files of the backup artifacts off your jumpbox to your preferred storage space. Now you must transfer those files back to your jumpbox.

Restore Your Backup

This section provides the steps you need to perform to restore your PCF backup with BBR.

Step 7: Retrieve BOSH Director Credentials

To use BBR, you must retrieve and record the following credentials:

Bosh Director Credentials

Bbr Ssh Credentials

Uaa Bbr Client Credentials

There are two ways to retrieve BOSH Director credentials:

Ops Manager Installation Dashboard

Ops Manager API

Option 1: Ops Manager Installation Dashboard

To retrieve your BOSH Director credentials using the Ops Manager Installation Dashboard, perform the following steps:

Navigate to the Ops Manager Installation Dashboard.

Click the BOSH Director tile.

Click the Credentials tab.

Locate Director Credentials.

Click Link to Credentials next to it.

Verify the value of the identity field. It should be director.

Copy and record the value of the password field.

Locate Bbr Ssh Credentials.

Click Link to Credentials next to it.

Copy the value of the private_key_pem field.

Run the following command to reformat the copied value, and save it in the current directory to a file named PRIVATE-KEY-FILE:

printf -- "YOUR-PRIVATE-KEY" > PRIVATE-KEY-FILE

Where:

YOUR-PRIVATE-KEY is the text of your private key.

PRIVATE-KEY-FILE is the path to the private key file you are creating.

Step 9: Restore the BOSH Director

Notes:

The BBR BOSH Director restore command can take at least 15 minutes to complete.

Pivotal recommends that you run it independently of the SSH session, so that the process can continue running even if your connection to the jumpbox fails. The command above uses nohup but you could also run the command in a screen or tmux session.

SSH into your jumpbox. If you are using the Ops Manager VM as your jumpbox,
see the Log in to the Ops Manager VM with SSH section of
Advanced Troubleshooting with the BOSH CLI for procedures on how to use SSH to connect to the Ops Manager VM.

Ensure the BOSH Director backup artifact is in the folder you from which you will run BBR.

Run the BBR restore command from your jumpbox to restore the BOSH Director:

In the above example, the name of the BOSH deployment that contains PCF is cf-example. PATH-TO-BOSH-SERVER-CERTIFICATE is the path to the root Certificate Authority (CA) certificate for the BOSH Director. If you are using the Ops Manager VM as your jumpbox, the path is /var/tempest/workspaces/default/root_ca_certificate.

If the bosh cloud-check command does not successfully delete disk references, and you see a message similar to the following,
perform the additional procedures in the Remove Unused Disks section below.

Scanning 19 persistent disks: 19 OK, 0 missing ...

Step 12: Redeploy PAS

Determine the Required Stemcells

Perform either the following procedures to determine which stemcell is used by PAS:

Review the Stemcell Librbary:

Go to Stemcell Library.

Record the PAS stemcell release number from the Staged column.

Review a Stemcell List Using BOSH CLI:

To retrieve the stemcell release using the BOSH CLI, run the following command:

PATH-TO-BOSH-SERVER-CERTIFICATE is the path to the Certificate Authority
(CA) certificate for the BOSH Director, if the certificate is not verifiable
by the local machine’s certificate chain.

PATH-TO-STEMCELL is the path to your tile’s stemcell.

To ensure the stemcells for all of your other installed tiles have been uploaded,
repeat the last step, running the bosh upload-stemcell --fix PATH-TO-STEMCELL command,
for each stemcell that is different from the already uploaded PAS stemcell.

Step 14: Restore PAS

Notes:

The BBR PAS restore command can take at least 15 minutes to complete.

Pivotal recommends that you run it independently of the SSH session, so that the process can continue running even if your connection to the jumpbox fails. The command above uses nohup but you could also run the command in a screen or tmux session.

Refer to the table in Enabling External Blobstore Backups. If external blobstore support is not included in the version of Ops Manager and PAS you are using, restore the external blobstore with your IaaS-specific tools before restoring PAS.

PATH-TO-BOSH-SERVER-CERTIFICATE is the path to the Certificate Authority
(CA) certificate for the BOSH Director, if the certificate is not verifiable
by the local machine’s certificate chain.

PATH-TO-PAS-BACKUP is the path to the PAS backup you want to restore.

If desired, scale the MySQL Server job back up to its previous number of instances by navigating to the
Resource Config section of the PAS tile. After scaling the job, return to the Ops Manager Installation Dashboard.

Step 15: (Optional) Restore On-Demand Service Instances

If you have on-demand service instances provisioned by an on-demand service broker, perform the following steps to restore them after successfully restoring PAS:

Navigate to an on-demand service tile in the Installation Dashboard.

Select the Errands tab.

Ensure the Upgrade All Service Instances errand is On.

Repeat for all on-demand service tiles.

Return to the Installation Dashboard and run Apply Changes. This will include running the Upgrade All Service Instances errand for the on-demand service, which will redeploy the on-demand service instances.

(Optional) Restore service data to every on-demand service instance.

Any app on PAS bound to an on-demand service instance may need to be restarted to start consuming the restored on-demand service instances.

Step 16: (Optional) Restore Non-Tile Deployments

If you have any deployments that were deployed manually with the BOSH Director rather than through an Ops Manager tile, perform the following steps to restore the VMs.

To obtain a list of all deployments on your BOSH Director, run the following command: